NDR: Supported Firewalls

Description

Natively Supported Firewalls/Devices

The manufacturers listed below are natively supported and can be ingested. If your firewall/device manufacturer is not on the list, we may still be able to support it.

To determine compatibility, we need to know whether your firewall can export its logs via syslog to an external syslog server.

  • If no (which is rare), we unfortunately cannot support it.
  • If yes, we can collaborate with Stellar to create a custom parser. Please note:
    • Stellar takes approximately 4-8 weeks to develop a new/custom parser.
    • There is no cost to you for this work.
    • We will need to coordinate with you to ensure the logs are sent to the SIEM so Stellar can access them.
    • During the development process, we will not be able to create security events, meaning no alerts will be generated.
    • Due to the required effort, we cannot conduct POCs for these brands.

Natively Supported Firewall/Device Vendors

  • AhnLab TrusGuard
  • Alcatel Lucent Switch
  • Aruba Switch
  • Avaya Switch
  • AXGATE Next Generation Firewall
  • Barracuda firewall
  • Brocade switch (system & admin logs)
  • Calyptix UTM
  • Check Point - Application Control (CEF)
  • Check Point - URL Filtering (CEF)
  • Check Point appliance
  • Check Point firewall
  • Check Point VPN-1 & FireWall-1 (CEF)
  • Cisco ASA
  • Cisco Catalyst Firewall
  • Cisco Firepower
  • Cisco IKE
  • Cisco MDS
  • Cisco Meraki
  • Cisco routers and switches
  • Accops
  • Cisco VPN
  • Dell Switch
  • DrayTek Firewall
  • F5 BIG-IP
  • F5 BIG-IP Telemetry (HTTP JSON)
  • F5 IPI
  • F5 iRule
  • F5 L7 DDOS
  • F5 Mitigation
  • F5 Silverline
  • F5 VPN
  • Forcepoint - Firewall (CEF)
  • Fortinet FortiGate
  • Fortinet FortiGate (CEF)
  • FutureSystems WeGuardia SSL plus (SSL VPN)
  • Hillstone
  • HPE Switch
  • Juniper SRX
  • Juniper SSG
  • Juniper Switch
  • Lancope - StealthWatch (LEEF)
  • Mako Networks firewall
  • McAfee Firewall
  • MCAS SIEM Agent (CEF)
  • MikroTik firewall and router
  • Netfilter
  • NetMotion
  • OpenVPN
  • Palo Alto Networks - Next Generation Firewall (LEEF)
  • Palo Alto Networks firewall
  • Palo Alto Networks Firewall via Graylog
  • pfSense Firewall
  • Pulse Secure
  • Radware Alteon
  • RuiJie Switch
  • Sangfor NGAF
  • SECUI Firewall
  • SECUI MF2 Firewall
  • Secuway SSLVPN
  • ShareTech Firewall
  • SonicWall - NSA 2400 (CEF)
  • SonicWall Firewall
  • SonicWall VPN
  • Sophos firewall
  • Sophos Web Appliance
  • Splashtop
  • Splunk Heavy Forwarder
  • Stormshield Net Security Firewall
  • Symantec Endpoint Protection
  • Symantec Firewall
  • Symantec Messaging Gateway
  • Symantec DLP (CEF)
  • Synology Directory Server
  • Syslog4Net
  • Thales Group CipherTrust Manager
  • ThreatLocker Zero Trust EPP
  • Trellix FireEye HX
  • Trend Micro - Deep Security Agent (LEEF)
  • Trend Micro Apex Central (CEF)
  • Trend Micro Interscan Messaging
  • Trend Micro Proxy
  • Trend Micro TippingPoint Intrusion Prevention System (IPS)
  • Tripwire Enterprise
  • Ubiquiti
  • Unix
  • Untangle Firewall (Syslog JSON)
  • Varonis DatAdvantage (CEF)
  • Versa Networks Firewall
  • VMware - Carbon Black (LEEF)
  • VMware ESXi
  • VMware Horizon
  • VMware NSX-T Data Center
  • VMware UAG
  • VMware vCenter
  • VMware VeloCloud SD-WAN
  • WatchGuard - XTM (LEEF)
  • WatchGuard firewall security appliance
  • Wazuh
  • Windows DNS Server
  • Windows Event NXLog
  • Windows System Security
  • Wins IPS ONE-1 / Wins DDX
  • WINS Sniper NGFW
  • Zix Mail
  • Zscaler NSSWeblog (CEF)
  • Zscaler ZIA Firewall
  • Zscaler ZIA Web
  • Zscaler ZPA
  • Zyxel Firewall
